Re: comment on unmanaged analysis presentation/doc
- To: v6ops@ops.ietf.org
- Subject: Re: comment on unmanaged analysis presentation/doc
- From: Rob Austein <sra+v6ops@hactrn.net>
- Date: Tue, 24 Sep 2002 00:45:52 -0400
- Delivery-date: Mon, 23 Sep 2002 21:47:50 -0700
- Envelope-to: v6ops-data@psg.com
- User-agent: Wanderlust/2.8.1 (Something) SEMI/1.14.4 (Hosorogi) FLIM/1.14.4(Kashiharajingū-mae) APEL/10.3 Emacs/20.7 (i386--freebsd) MULE/4.0(HANANOEN)
At Mon, 23 Sep 2002 16:10:22 +0200 (CEST), Erik Nordmark wrote:
>
> Stated differently, if you apply IPv4 ingress filtering in the network
> and IPv6 ingress filtering in the IPv6-native parts of the network, the
> use of encapsulation doesn't create additional holes in your filtering.

This is the key point.

While it's somewhat tedious to set up, a 6to4 router can use the usual
topological defenses to keep from letting any bad stuff through.

A 6to4 relay (or a Teredo relay or an xyz relay) has a much harder
task, because the network topology doesn't tell it much of anything
that it can use as a basis for filtering out the bogons.
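
The contrast drawn above, as an added example that is not part of the original message: a site-edge 6to4 router can tie every packet to its own 2002:V4ADDR::/48, while a relay forwarding from native IPv6 has only the destination to check. The function names, the bogon list and the sample addresses (documentation ranges) are constructed for illustration, and accepting native sources unverified on the router's inbound side is an assumption of this sketch.

```python
import ipaddress as ip

# Constructed bogon list for the embedded IPv4 address (not exhaustive).
BOGON_V4 = [ip.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def site_prefix(v4):
    """2002:V4ADDR::/48, the 6to4 prefix derived from a site's IPv4 address."""
    return ip.IPv6Network(((0x2002 << 112) | (int(ip.IPv4Address(v4)) << 80), 48))

def tunnel_src_ok(outer_src, inner_src):
    """Check on a decapsulated packet: a 2002::/16 source must embed the
    outer IPv4 source, and that address must not be a bogon."""
    v4 = ip.IPv6Address(inner_src).sixtofour   # None if not a 6to4 address
    if v4 is None:
        return None                            # native source: nothing to compare
    return v4 == ip.IPv4Address(outer_src) and not any(v4 in n for n in BOGON_V4)

def router_outbound(site_v4, inner_src):
    """Site-edge 6to4 router, packet leaving the site: topology says the
    source must lie in the site's own /48."""
    return ip.IPv6Address(inner_src) in site_prefix(site_v4)

def router_inbound(site_v4, outer_src, inner_src, inner_dst):
    """Site-edge 6to4 router, decapsulated packet: the destination must be
    ours and a 6to4 source must agree with the outer header. A native
    source (arriving via a relay) is accepted unverified in this sketch."""
    if ip.IPv6Address(inner_dst) not in site_prefix(site_v4):
        return False
    return tunnel_src_ok(outer_src, inner_src) is not False

def relay_from_native(inner_src, inner_dst):
    """Relay, native IPv6 -> 6to4: any native source may legitimately
    arrive here, so only the destination can be checked."""
    dst_v4 = ip.IPv6Address(inner_dst).sixtofour
    return dst_v4 is not None and not any(dst_v4 in n for n in BOGON_V4)
```

Note that `relay_from_native` never inspects `inner_src`: the relay has no interface-to-prefix binding that would let it reject a forged native source.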